<?php
include('db_connect.php');
// echo "1";
include('make_tables.php');
// echo "3";
ob_start();  //core is spitting out blank lines for some reason.
include('core.inc.php');
ob_clean();
// echo "3";
include('feed.inc.php');



$table = mysql_real_escape_string($_POST['df_table']); //is escape here really necessary?  Better safe than sorry.
$action = mysql_real_escape_string($_POST['action']);
// $current_record_id = mysql_escape_string($_POST['df_id']);

$table_info = unserialize(stripslashes(urldecode($_POST['table_info'])));
$plugin_cell = stripslashes($_POST['plugin_cell']);

$uploaded_img = '';


function not_column($word){
	if ($word == 'df_table' || $word == 'action'|| $word == 'df_id' || $word == 'table_info' || $word == 'plugin_cell'){ 
		return true;
	}
	return false;
}

switch ($action) {
	case "create":
		
		$queryA = "INSERT INTO $table (";
		$queryB = ') VALUES ('; 

		//submit values to db, give names for safety
		//example:
		//INSERT INTO office_contacts (office_id, name, office, email, phone, status) VALUES ("23", "a", "s", "d", "f", "1")
				
		foreach ($_POST as $variable => $value){
			if (not_column($variable)) continue;
			
			if($variable != "office_id" && $variable != 'LOB_id'){
				$pieces = explode('_', $variable);  //get rid of the tvnew/tvedit prefix!
				$variable = $pieces[1];
			}
		
			$queryA.=mysql_real_escape_string($variable).', '; //substr remove field name prefix
			
			if(isset($value) && $value != ''){  //make blank null, so throw errors
				$queryB.='"'.trim(mysql_real_escape_string(urldecode($value))).'", ';
			}else{
				$queryB.='null, ';
			}
			
			//handle image uploaded:
			if ($variable == "image"){
				$uploaded_img = $value;
			}
			
		}
		
		//remembering to remove finishing commas:
		$query = substr($queryA, 0, strlen($queryA)-2 ).substr($queryB,0, strlen($queryB)-2).')';
	
	break;
		
	case "update":
		
		$queryA = "UPDATE $table SET ";
		$queryB = '';
		foreach ($_POST as $variable => $value){
			if (not_column($variable)) continue;
			if($variable != "office_id" && $variable != 'LOB_id'){
				$pieces = explode('_', $variable);  //get rid of the tvnew/tvedit prefix!
				$variable = $pieces[1];
			}
			
			if(isset($value) && $value != ''){  //make blank null, so throw errors
				$queryB .= ', '.mysql_real_escape_string($variable).' = \''.trim(mysql_real_escape_string(stripslashes(urldecode($value)))).'\'';
			}
			
			//handle image uploaded:
			if ($variable == "image"){
				$uploaded_img = $value;
			}
		}
		$current_record_id = mysql_escape_string($_POST['df_id']);
		
		
		$query = $queryA.substr($queryB, 2);
		$query .= ' WHERE '.$table_info->getPrimaryKey().' = \''.$current_record_id.'\'';		
	
	break;
	
	case "destroy":
		$current_record_id = mysql_escape_string($_POST['df_id']);
	
		$query = "DELETE FROM $table
		 				WHERE ".$table_info->getPrimaryKey().'=\''.$current_record_id.'\'';
    		
	break;
}

$result = mysql_query($query);

if (!$result) {
    $message  = 'Invalid query: ' . mysql_error() . "\n" . $query;
    die($message);
}

if ($action == "destroy"){
	die('200');
}

if ($action == "create"){
	$current_record_id = mysql_insert_id($conn);  //conn from db_connect.php...
}

if (! empty($uploaded_img)){
	rename('../../../assets/news/tmp/'.$uploaded_img, '../../../assets/news/'.$current_record_id.'_'.$uploaded_img); 
}


//make the returned row output:
$o = '<tr title="'.$current_record_id.'" class="clickable">';

$resource = mysql_query("SELECT * FROM $table WHERE ".$table_info->getPrimaryKey().'='.$current_record_id);
$row = mysql_fetch_assoc($resource);

foreach ($table_info->getSummaryFields() as $column_name => $label){
	$o .=  produce_table_cell($row, $column_name, $table_info->getForeignKeys());
}

$o .= df_parse_plugin_cell($plugin_cell, $current_record_id);

$o .=  '</tr>';

class returnData {
	var $status = '200', $rowData, $id;
	
	function __construct($rowData){
		global $table_info;
		$this->rowData = $rowData; 
	}
}

$resp = new returnData($o);

$resp->id = $current_record_id;

echo json_encode($resp);

?>